You could take a look at Offensive Security's "Advanced Web Attacks" course. As far as I know it might be available in an online format by the end of the year. I assume it will be in the same price range as their other online courses.

I'm currently doing eCPPT and it's fun. The main reason was it's focus on web pentesting. Furthermore it is a nice warming up for the OSCP certification if you want to go that way.

The course content consists of a OS/Application section, WebApp and Network section. For me most material I knew already however I picked up a few new things and have gained a better understanding of the webapp pentesting part (I prefer OS/applications though haha). Did not write the exam report yet but am getting there.

Any questions? let me know. Also get the web application hackers handbook 2nd edition, it covers a lot of the same info as this course.

I've also seen a course offered by the Samurai Web Testing Framework, although I haven't taken the instructor led training. However, they do publish the course slides and I worked through them and found them quite useful to build off of:

Thanks for the mention m0wgli. It really was a pretty great course for what it was (2 days really limits how deep you can cover material) but definitely not free (for anyone that didn't win an ethicalhacker.net contest I mean)

Thanks for the mention m0wgli. It really was a pretty great course for what it was (2 days really limits how deep you can cover material) but definitely not free (for anyone that didn't win an ethicalhacker.net contest I mean)

@tturner I thought it worth mentioning as it's a well written review. I recently took the CSTA course (in the UK) and was really impressed with the quality of the course materials as well as the instructors (Jerome/Owen).

@waynegs You may be aware of these already but there are lots of vulnerable by design webapps available for learning. Using these in conjunction with the WAHH2 you can learn alot.

for practicing and learning SQL injection i reccomend this lab on a LAMP server: https://github.com/Audi-1/sqli-labs&nbsp; and if you get stuck the developer of these labs has video tutorials on Security Tube